The present invention relates to computer security, and more particularly to enhancing security of computer systems through consideration of the security interdependence of software components.
Software components that run on computer systems, such as applications, operating systems, sharable libraries and system drivers, often have undetected flaws that can be exploited by malicious computer programs that are received over the Internet or another communication network. Such malicious programs, sometimes called malware, include Trojans, viruses, worms, spyware and the like. Known security systems for computer systems attempt to combat malware by trying to prevent it from compromising any part of the computer system. Such security systems include anti-virus detection and removal systems, system behavior analysis systems and packet inspection systems. Additionally, some computer operating systems require integrity verification of individual software components before allowing them to execute on the computer system. Such integrity verification schemes usually involve a hash check of individual software components.
While these security features can significantly improve computer system security, they generally neglect the security interdependence of software components. It is often the case that when one software component is non-operational or its integrity has been violated, another software component that has a security dependency on the inactive or compromised component is rendered more vulnerable. For example, an application on a computer node may become more vulnerable if a firewall application that protects the software system of the computer node is inactive. Or an application on a computer node may become more vulnerable if a shared library utilized by the application has been compromised. In these situations and others, computer system security could be significantly enhanced by taking into account security dependencies of software components when determining operational privileges.
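The gap described above, shown as an added illustration that is not part of the original text: a per-component hash check passes for an application whose firewall is inactive or whose shared library has been altered, while a dependency-aware check lowers that application's privilege. The component names, the transitive dependency walk and the three privilege levels (deny, restricted, full) are assumptions made for this example, and all sample data is constructed.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Component:
    name: str
    content: bytes          # stands in for the bytes hashed on disk
    expected_sha256: str    # known-good digest recorded earlier
    active: bool = True
    depends_on: list = field(default_factory=list)  # security dependencies by name

def self_ok(c):
    """Isolated view: component is running and its hash matches."""
    return c.active and hashlib.sha256(c.content).hexdigest() == c.expected_sha256

def failed_dependencies(name, comps, seen=None):
    """Direct or transitive dependencies that fail their own check."""
    seen = set() if seen is None else seen
    failed = set()
    for dep in comps[name].depends_on:
        if dep in seen:
            continue  # already visited; also breaks dependency cycles
        seen.add(dep)
        if dep not in comps or not self_ok(comps[dep]):
            failed.add(dep)  # an unknown dependency counts as failed
        if dep in comps:
            failed |= failed_dependencies(dep, comps, seen)
    return failed

def privilege(name, comps):
    """Hypothetical policy: deny / restricted / full."""
    if not self_ok(comps[name]):
        return "deny"
    return "restricted" if failed_dependencies(name, comps) else "full"

def sample_inventory():
    """Constructed inventory: inactive firewall, tampered shared library."""
    def mk(name, content, deps=(), active=True, tampered=False):
        good = hashlib.sha256(content).hexdigest()
        data = content + b"!" if tampered else content
        return Component(name, data, good, active, list(deps))
    items = [mk("firewall", b"fw", active=False),
             mk("libshared", b"lib", tampered=True),
             mk("libclean", b"ok"),
             mk("browser", b"br", deps=["firewall"]),
             mk("editor", b"ed", deps=["libshared"]),
             mk("viewer", b"vw", deps=["libclean"]),
             mk("launcher", b"la", deps=["editor"])]
    return {c.name: c for c in items}
```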